>>>>> "Alan" == Alan Buxey writes:

Alan> Hi,
>> 1) Freeradius should not require a shared secret for TLS
>> connections

Alan> oh but it has to - as part of the RADIUS over TLS
Alan> specification the underlying RADIUS part isn't changed...and a
Alan> shared secret needs to be present - so the default of 'radsec'
Alan> is used - RFC 6614 - OSC updated their default too (to
Alan> 'radsec') with version 4.11 of RADIATOR - so if we want cross
Alan> RADIUS interoperability we want to stay in spec

To clarify, when reading a config file, if the client or listener is set
to tls protocol, and no secret is specified, the config structure should
be populated with the default secret from the RFC.

Today it forces you to stick a secret in the config file.
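An added illustration of the behaviour discussed in this message (not FreeRADIUS code and not written by either poster): a loader that falls back to the RFC 6614 secret `radsec` for a TLS client with no secret configured, plus the RFC 2865 Response Authenticator check that explains why the RADIUS layer still needs a secret inside the TLS tunnel. The dict-based config model, its `proto`/`secret` key names, and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import struct

RADSEC_SECRET = b"radsec"  # fixed shared secret for RADIUS over TLS (RFC 6614)

def resolve_secret(section):
    """Pick the shared secret for a parsed client/listener section.

    `section` is a plain dict standing in for the config structure; the key
    names "proto" and "secret" are assumptions of this sketch.
    """
    if section.get("secret"):
        return section["secret"].encode()
    if section.get("proto") == "tls":
        return RADSEC_SECRET  # nothing configured: fall back to the RFC value
    raise ValueError("no secret configured for a non-TLS client")

def response_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2865: MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_response(code, ident, request_auth, attrs, secret):
    """Serialise a reply packet; the authenticator is computed the same way over UDP or TLS."""
    auth = response_authenticator(code, ident, request_auth, attrs, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def verify_response(packet, request_auth, secret):
    """Check a reply's authenticator; False means the two ends disagree on the secret."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = response_authenticator(code, ident, request_auth, packet[20:], secret)
    return hmac.compare_digest(expected, packet[4:20])

if __name__ == "__main__":
    # Constructed sample: a TLS client section with no secret line, and an
    # Access-Accept (code 2) carrying one Reply-Message attribute (type 18).
    peer_secret = resolve_secret({"proto": "tls"})
    request_auth = bytes(range(16))
    attrs = bytes([18, 4]) + b"ok"
    reply = build_response(2, 7, request_auth, attrs, RADSEC_SECRET)
    print("defaulted secret:", peer_secret)
    print("reply verifies:", verify_response(reply, request_auth, peer_secret))
    print("verifies with another secret:", verify_response(reply, request_auth, b"testing123"))
```

A peer that signs with `radsec` only interoperates if the other end resolves to the same value, which is what the defaulting in `resolve_secret` guarantees when the operator leaves the secret out.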